secure-ui-components 0.1.0-beta.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Secure-UI Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,310 @@
+# secure-ui-components
+
+Security-first web component library with zero dependencies.
+
+**[Live Demo](https://barryprender.github.io/Secure-UI/)** — Try all components in your browser.
+
+## 🔒 Features
+
+- **8 Secure Components**: Input, Textarea, Select, Form, File Upload, DateTime, Table, Submit Button
+- **4-Tier Security System**: PUBLIC, AUTHENTICATED, SENSITIVE, CRITICAL
+- **Progressive Enhancement**: Works without JavaScript
+- **Zero Dependencies**: Pure TypeScript, no runtime dependencies
+- **Fully Customizable**: CSS Design Tokens + CSS Parts API
+- **SSR Friendly**: Components render meaningful markup without JavaScript
+- **Comprehensive Testing**: Unit tests and security tests included
+
+## 📦 Installation
+
+```bash
+npm install secure-ui-components
+```
+
+## 🚀 Quick Start
+
+### Bundler (Vite, Webpack, Rollup, etc.)
+
+Import the components you need — each import auto-registers its custom element:
+
+```js
+import 'secure-ui-components/secure-input';
+import 'secure-ui-components/secure-form';
+```
+
+Then use them in your HTML:
+
+```html
+<secure-input
+  label="Email Address"
+  name="email"
+  type="email"
+  required
+  security-tier="authenticated"
+></secure-input>
+```
+
+### CDN / Vanilla HTML (no bundler)
+
+```html
+<!DOCTYPE html>
+<html>
+<head>
+  <link rel="stylesheet" href="https://unpkg.com/secure-ui-components/dist/styles/tokens.css">
+</head>
+<body>
+  <secure-input
+    label="Email Address"
+    name="email"
+    type="email"
+    required
+    security-tier="authenticated"
+  ></secure-input>
+
+  <script type="module">
+    import 'https://unpkg.com/secure-ui-components/dist/index.js';
+  </script>
+</body>
+</html>
+```
+
+## 🧩 Available Components
+
+### SecureInput
+Text input with security features and validation.
+
+```html
+<secure-input
+  label="Password"
+  name="password"
+  type="password"
+  required
+  security-tier="critical"
+></secure-input>
+```
+
+### SecureTextarea
+Multi-line text input with character counting.
+
+```html
+<secure-textarea
+  label="Description"
+  name="description"
+  rows="5"
+  maxlength="500"
+></secure-textarea>
+```
+
+### SecureSelect
+Dropdown select with XSS prevention.
+
+```html
+<secure-select
+  label="Country"
+  name="country"
+  required
+>
+  <option value="us">United States</option>
+  <option value="uk">United Kingdom</option>
+</secure-select>
+```
+
+### SecureForm
+Form container with CSRF protection.
+
+```html
+<secure-form
+  action="/api/submit"
+  method="post"
+  csrf-token="your-token"
+  security-tier="sensitive"
+>
+  <!-- Your form fields here -->
+</secure-form>
+```
+
+### SecureFileUpload
+File upload with drag-drop and validation.
+
+```html
+<secure-file-upload
+  label="Upload Document"
+  name="document"
+  accept="image/*,.pdf"
+  max-size="5242880"
+></secure-file-upload>
+```
+
+### SecureDateTime
+Date and time picker with range validation.
+
+```html
+<secure-datetime
+  label="Birth Date"
+  name="birthdate"
+  type="date"
+  min="1900-01-01"
+  max="2025-12-31"
+></secure-datetime>
+```
+
+### SecureSubmitButton
+Accessible submit button with loading state and security integration.
+
+```html
+<secure-submit-button label="Submit"></secure-submit-button>
+```
+
+### SecureTable
+Data table with sorting, filtering, and pagination.
+
+```javascript
+const table = document.querySelector('secure-table');
+table.data = [
+  { id: 1, name: 'John', email: 'john@example.com' },
+  { id: 2, name: 'Jane', email: 'jane@example.com' }
+];
+table.columns = [
+  { key: 'id', label: 'ID', sortable: true },
+  { key: 'name', label: 'Name', sortable: true, filterable: true },
+  { key: 'email', label: 'Email', sortable: true, tier: 'sensitive' }
+];
+```
+
+## 🎨 Customization
+
+### Using Design Tokens
+
+```css
+:root {
+  /* Override global colors */
+  --secure-ui-color-primary: #your-brand-color;
+  --secure-ui-input-border-radius: 8px;
+  --secure-ui-font-family-base: 'Your Font', sans-serif;
+}
+```
+
+### Using CSS Parts API
+
+```css
+/* Style internal elements */
+secure-input::part(label) {
+  font-weight: 700;
+  text-transform: uppercase;
+}
+
+secure-input::part(input) {
+  font-family: monospace;
+}
+
+secure-input::part(error) {
+  background: #ffe0e0;
+  padding: 0.5rem;
+}
+```
+
+See the [Customization Guide](https://github.com/Barryprender/Secure-UI/blob/main/secure-ui-components/docs/customization.md) for a complete styling guide with examples.
+
+## 🔐 Security Tiers
+
+```html
+<!-- PUBLIC: Basic validation -->
+<secure-input security-tier="public"></secure-input>
+
+<!-- AUTHENTICATED: Enhanced validation, detailed logging -->
+<secure-input security-tier="authenticated"></secure-input>
+
+<!-- SENSITIVE: Strict validation, autocomplete disabled -->
+<secure-input security-tier="sensitive"></secure-input>
+
+<!-- CRITICAL: Maximum security, masking, rate limiting -->
+<secure-input security-tier="critical" type="password"></secure-input>
+```
+
+## 🧪 Testing
+
+All components include comprehensive tests:
+
+```bash
+# Run all tests
+npm test
+
+# Run tests in watch mode
+npm run test:watch
+
+# Run tests with coverage report
+npm run test:coverage
+```
+
+## 📖 Documentation
+
+- [Customization Guide](https://github.com/Barryprender/Secure-UI/blob/main/secure-ui-components/docs/customization.md) - Complete styling guide
+- [Architecture](https://github.com/Barryprender/Secure-UI/blob/main/secure-ui-components/docs/ARCHITECTURE.md) - Technical architecture details
+
+## 📝 API Reference
+
+### Common Attributes
+
+All components support:
+
+| Attribute | Type | Description |
+|-----------|------|-------------|
+| `label` | `string` | Visible field label |
+| `name` | `string` | Form field name |
+| `required` | `boolean` | Mark field as required |
+| `disabled` | `boolean` | Disable the field |
+| `readonly` | `boolean` | Make the field read-only |
+| `security-tier` | `string` | Security level: `public`, `authenticated`, `sensitive`, `critical` (default: `critical`) |
+
+### Common Properties / Methods
+
+```js
+const el = document.querySelector('secure-input');
+
+el.value          // get current value (unmasked)
+el.value = 'foo'  // set value programmatically
+el.valid          // boolean — passes all validation rules
+el.name           // field name string
+el.getAuditLog()  // returns array of security audit log entries
+```
+
+`secure-file-upload` also exposes:
+
+```js
+el.files          // FileList | null
+el.clear()        // clear selected files
+el.hasScanHook    // boolean
+el.scanning       // boolean — true while scan hook is running
+el.setScanHook(async (file) => { return { valid: true } })
+```
+
+### Common Events
+
+| Event | Fired by | Detail |
+|-------|----------|--------|
+| `secure-input` | `secure-input` | `{ name, value, masked, tier }` |
+| `secure-textarea` | `secure-textarea` | `{ name, value, tier }` |
+| `secure-select` | `secure-select` | `{ name, value, tier }` |
+| `secure-datetime` | `secure-datetime` | `{ name, value, type, tier }` |
+| `secure-file-upload` | `secure-file-upload` | `{ name, files, tier }` |
+| `secure-form-submit` | `secure-form` | `{ formData, formElement, preventDefault }` |
+| `secure-form-success` | `secure-form` | `{ formData, response }` |
+| `secure-audit` | all components | `{ event, tier, timestamp, … }` |
+| `table-action` | `secure-table` | `{ action, row }` |
+
+## 🤝 Contributing
+
+Contributions are welcome! Please see the main repository for guidelines.
+
+## 📄 License
+
+MIT License - see LICENSE file for details.
+
+## 🔗 Links
+
+- [GitHub Repository](https://github.com/Barryprender/Secure-UI)
+- [Live Demo](https://barryprender.github.io/Secure-UI/)
+
+## 🆘 Support
+
+- [Issue Tracker](https://github.com/Barryprender/Secure-UI/issues)
+- [Discussions](https://github.com/Barryprender/Secure-UI/discussions)

package/dist/components/secure-datetime/secure-datetime.css

@@ -0,0 +1,263 @@
+/**
+ * Secure DateTime Component Styles
+ * Uses design tokens for full customizability
+ */
+
+/* Container */
+.datetime-container {
+  margin-bottom: var(--secure-ui-form-gap);
+  font-family: var(--secure-ui-font-family-base);
+}
+
+/* Label */
+label {
+  display: block;
+  margin-bottom: var(--secure-ui-form-label-margin-bottom);
+  font-size: var(--secure-ui-label-font-size);
+  font-weight: var(--secure-ui-label-font-weight);
+  color: var(--secure-ui-label-color);
+}
+
+.label-suffix {
+  font-weight: var(--secure-ui-font-weight-normal);
+  color: var(--secure-ui-color-text-secondary);
+  font-size: var(--secure-ui-font-size-xs);
+  margin-left: var(--secure-ui-space-1);
+}
+
+.security-badge {
+  display: inline-block;
+  padding: var(--secure-ui-badge-padding);
+  margin-left: var(--secure-ui-space-2);
+  font-size: var(--secure-ui-badge-font-size);
+  font-weight: var(--secure-ui-font-weight-semibold);
+  border-radius: var(--secure-ui-badge-border-radius);
+  text-transform: uppercase;
+  background-color: var(--secure-ui-color-bg-tertiary);
+  color: var(--secure-ui-color-text-secondary);
+  border: var(--secure-ui-border-width-thin) solid var(--secure-ui-color-border);
+}
+
+/* Datetime Wrapper */
+.input-wrapper {
+  position: relative;
+}
+
+/* Datetime Input */
+.datetime-field {
+  width: 100%;
+  height: var(--secure-ui-input-height);
+  padding: var(--secure-ui-input-padding-y) var(--secure-ui-input-padding-x);
+
+  font-family: var(--secure-ui-font-family-base);
+  font-size: var(--secure-ui-input-font-size);
+  line-height: var(--secure-ui-line-height-normal);
+  color: var(--secure-ui-input-text-color);
+
+  background-color: var(--secure-ui-input-bg);
+  border: var(--secure-ui-input-border-width) solid var(--secure-ui-input-border-color);
+  border-radius: var(--secure-ui-input-border-radius);
+
+  transition: all var(--secure-ui-transition-base) var(--secure-ui-transition-ease-in-out);
+  cursor: pointer;
+  box-sizing: border-box;
+}
+
+.datetime-field::placeholder {
+  color: var(--secure-ui-input-placeholder-color);
+}
+
+.datetime-field:hover:not(:disabled):not([readonly]) {
+  border-color: var(--secure-ui-input-border-color-hover);
+}
+
+.datetime-field:focus {
+  outline: none;
+  border-color: var(--secure-ui-input-border-color-focus);
+  box-shadow: var(--secure-ui-shadow-focus);
+}
+
+.datetime-field.error {
+  border-color: var(--secure-ui-color-error);
+}
+
+.datetime-field.error:focus {
+  box-shadow: var(--secure-ui-shadow-focus-error);
+}
+
+.datetime-field:disabled {
+  background-color: var(--secure-ui-input-disabled-bg);
+  cursor: not-allowed;
+  opacity: var(--secure-ui-input-disabled-opacity);
+}
+
+.datetime-field[readonly] {
+  background-color: var(--secure-ui-color-bg-secondary);
+  cursor: default;
+}
+
+/* Calendar Icon Indicator
+   CSS alt-text syntax (content: 'emoji' / '') marks the pseudo-element as
+   presentational (no accessible name) in browsers that support it (Chrome 94+,
+   Firefox 92+, Safari 15.4+). This prevents screen readers from reading out
+   the verbose Unicode emoji name. */
+.input-wrapper::after {
+  content: '📅' / '';
+  position: absolute;
+  right: var(--secure-ui-space-3);
+  top: 50%;
+  transform: translateY(-50%);
+  pointer-events: none;
+  font-size: var(--secure-ui-font-size-lg);
+  color: var(--secure-ui-color-text-secondary);
+}
+
+.input-wrapper[data-type="time"]::after {
+  content: '🕐' / '';
+}
+
+.input-wrapper[data-type="datetime-local"]::after {
+  content: '📅' / '';
+}
+
+.input-wrapper[data-type="month"]::after {
+  content: '📆' / '';
+}
+
+.input-wrapper[data-type="week"]::after {
+  content: '📅' / '';
+}
+
+.input-wrapper .timezone-display {
+  position: absolute;
+  right: 0;
+  bottom: -1.25rem;
+}
+
+/* Range Display */
+.range-display {
+  display: none;
+  margin-top: var(--secure-ui-space-2);
+  padding: var(--secure-ui-space-2) var(--secure-ui-space-3);
+  background-color: var(--secure-ui-color-bg-secondary);
+  border-radius: var(--secure-ui-border-radius-sm);
+  font-size: var(--secure-ui-font-size-xs);
+  color: var(--secure-ui-color-text-secondary);
+}
+
+.range-display.visible {
+  display: block;
+}
+
+.range-item {
+  margin-bottom: var(--secure-ui-space-1);
+}
+
+.range-item:last-child {
+  margin-bottom: 0;
+}
+
+.range-label {
+  font-weight: var(--secure-ui-font-weight-medium);
+  margin-right: var(--secure-ui-space-1);
+}
+
+/* Helper Text */
+.helper-text {
+  margin-top: var(--secure-ui-space-2);
+  font-size: var(--secure-ui-font-size-xs);
+  color: var(--secure-ui-color-text-secondary);
+  line-height: var(--secure-ui-line-height-normal);
+}
+
+/* Error Container */
+.error-container {
+  position: absolute;
+  margin-top: var(--secure-ui-form-error-margin-top);
+  font-size: var(--secure-ui-error-font-size);
+  color: var(--secure-ui-error-color);
+  line-height: var(--secure-ui-line-height-normal);
+  overflow: hidden;
+  max-height: 40px;
+  opacity: 1;
+  transform: translateY(0);
+  transition: opacity 0.2s ease-out, transform 0.2s ease-out, max-height 0.2s ease-out, margin-top 0.2s ease-out;
+}
+
+.error-container.hidden {
+  max-height: 0;
+  opacity: 0;
+  transform: translateY(-4px);
+  margin-top: 0;
+}
+
+@media (prefers-reduced-motion: reduce) {
+  .datetime-field,
+  .error-container {
+    transition: none !important;
+  }
+}
+
+/* Security Tier Styles */
+/* :host([security-tier="authenticated"]) .datetime-field {
+  border-color: var(--secure-ui-tier-authenticated);
+}
+
+:host([security-tier="sensitive"]) .datetime-field {
+  border-color: var(--secure-ui-tier-sensitive);
+}
+
+:host([security-tier="critical"]) .datetime-field {
+  border-color: var(--secure-ui-tier-critical);
+} */
+
+/* Browser-specific Adjustments */
+/* Chrome/Safari date picker styling */
+.datetime-field::-webkit-calendar-picker-indicator {
+  display: inline-block;
+  cursor: pointer;
+  opacity: 1;
+  padding: 4px;
+  margin-left: 4px;
+}
+
+.datetime-field:disabled::-webkit-calendar-picker-indicator {
+  cursor: not-allowed;
+  opacity: 0.3;
+}
+
+/* Inner spin button in Chrome/Safari */
+.datetime-field::-webkit-inner-spin-button {
+  height: auto;
+  opacity: 0.6;
+  cursor: pointer;
+}
+
+/* Validation States */
+.datetime-field:valid:not(:placeholder-shown):not(:focus) {
+  border-color: var(--secure-ui-color-success);
+}
+
+.datetime-field:invalid:not(:placeholder-shown):not(:focus) {
+  border-color: var(--secure-ui-color-error);
+}
+
+/* Focus Within Container */
+.datetime-container:focus-within label {
+  color: var(--secure-ui-color-primary);
+}
+
+/* Disabled State */
+.datetime-container.disabled {
+  opacity: var(--secure-ui-input-disabled-opacity);
+}
+
+.datetime-container.disabled label {
+  color: var(--secure-ui-color-text-disabled);
+}
+
+/* Required Indicator */
+label .required {
+  color: var(--secure-ui-color-error);
+  margin-left: var(--secure-ui-space-1);
+}

package/dist/components/secure-datetime/secure-datetime.d.ts

@@ -0,0 +1,124 @@
+/**
+ * @fileoverview Secure Date/Time Picker Component
+ *
+ * A security-first date/time picker component that implements progressive enhancement,
+ * validation, and audit logging.
+ *
+ * Progressive Enhancement Strategy:
+ * 1. Without JavaScript: Falls back to native HTML5 date/time inputs
+ * 2. With JavaScript: Enhances with validation, range limits, audit logging
+ *
+ * Usage:
+ * <secure-datetime
+ *   security-tier="authenticated"
+ *   name="appointment"
+ *   label="Appointment Date"
+ *   type="datetime-local"
+ *   min="2024-01-01T00:00"
+ *   max="2024-12-31T23:59"
+ *   required
+ * ></secure-datetime>
+ *
+ * Security Features:
+ * - Input sanitization and validation
+ * - Date range enforcement
+ * - Rate limiting for sensitive/critical tiers
+ * - Comprehensive audit logging
+ * - Timezone awareness
+ * - Format validation
+ *
+ * @module secure-datetime
+ * @license MIT
+ */
+import { SecureBaseComponent } from '../../core/base-component.js';
+/**
+ * Secure DateTime Web Component
+ *
+ * Provides a security-hardened date/time picker with progressive enhancement.
+ * The component works as a standard HTML5 date/time input without JavaScript and
+ * enhances with security features when JavaScript is available.
+ *
+ * @extends SecureBaseComponent
+ */
+export declare class SecureDateTime extends SecureBaseComponent {
+    #private;
+    /**
+     * Observed attributes for this component
+     *
+     * @static
+     */
+    static get observedAttributes(): string[];
+    /**
+     * Constructor
+     */
+    constructor();
+    /**
+     * Render the datetime component
+     *
+     * Security Note: We use native HTML5 date/time inputs wrapped in our web component
+     * to ensure progressive enhancement and browser-native date validation.
+     *
+     * @protected
+     */
+    protected render(): DocumentFragment | HTMLElement | null;
+    /**
+     * Handle attribute changes
+     *
+     * @protected
+     */
+    protected handleAttributeChange(name: string, _oldValue: string | null, newValue: string | null): void;
+    /**
+     * Get the current value
+     *
+     * @public
+     */
+    get value(): string;
+    /**
+     * Set the value
+     *
+     * @public
+     */
+    set value(value: string);
+    /**
+     * Get the input name
+     *
+     * @public
+     */
+    get name(): string;
+    /**
+     * Get value as Date object
+     *
+     * @public
+     */
+    getValueAsDate(): Date | null;
+    /**
+     * Set value from Date object
+     *
+     * @public
+     */
+    setValueFromDate(date: Date): void;
+    /**
+     * Check if the datetime is valid
+     *
+     * @public
+     */
+    get valid(): boolean;
+    /**
+     * Focus the input
+     *
+     * @public
+     */
+    focus(): void;
+    /**
+     * Blur the input
+     *
+     * @public
+     */
+    blur(): void;
+    /**
+     * Cleanup on disconnect
+     */
+    disconnectedCallback(): void;
+}
+export default SecureDateTime;
+//# sourceMappingURL=secure-datetime.d.ts.map